Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:0577-1

Опубликовано: 25 фев. 2022
Источник: suse-cvrf

Описание

Security update for php72

This update for php72 fixes the following issues:

  • CVE-2015-9253: Fixed endless loop when the master process restarts a child process using program execution functions (bsc#1081790).
  • CVE-2017-8923: Fixed denial of service (application crash) when using .= with a long string (zend_string_extend func in Zend/zend_string.h) (bsc#1038980).
  • CVE-2021-21707: Fixed special character handling that broke path in xml parsing (bsc#1193041).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php72-7.2.5-1.75.1
php72-7.2.5-1.75.1
php72-bcmath-7.2.5-1.75.1
php72-bz2-7.2.5-1.75.1
php72-calendar-7.2.5-1.75.1
php72-ctype-7.2.5-1.75.1
php72-curl-7.2.5-1.75.1
php72-dba-7.2.5-1.75.1
php72-dom-7.2.5-1.75.1
php72-enchant-7.2.5-1.75.1
php72-exif-7.2.5-1.75.1
php72-fastcgi-7.2.5-1.75.1
php72-fileinfo-7.2.5-1.75.1
php72-fpm-7.2.5-1.75.1
php72-ftp-7.2.5-1.75.1
php72-gd-7.2.5-1.75.1
php72-gettext-7.2.5-1.75.1
php72-gmp-7.2.5-1.75.1
php72-iconv-7.2.5-1.75.1
php72-imap-7.2.5-1.75.1
php72-intl-7.2.5-1.75.1
php72-json-7.2.5-1.75.1
php72-ldap-7.2.5-1.75.1
php72-mbstring-7.2.5-1.75.1
php72-mysql-7.2.5-1.75.1
php72-odbc-7.2.5-1.75.1
php72-opcache-7.2.5-1.75.1
php72-openssl-7.2.5-1.75.1
php72-pcntl-7.2.5-1.75.1
php72-pdo-7.2.5-1.75.1
php72-pear-7.2.5-1.75.1
php72-pear-Archive_Tar-7.2.5-1.75.1
php72-pgsql-7.2.5-1.75.1
php72-phar-7.2.5-1.75.1
php72-posix-7.2.5-1.75.1
php72-pspell-7.2.5-1.75.1
php72-readline-7.2.5-1.75.1
php72-shmop-7.2.5-1.75.1
php72-snmp-7.2.5-1.75.1
php72-soap-7.2.5-1.75.1
php72-sockets-7.2.5-1.75.1
php72-sodium-7.2.5-1.75.1
php72-sqlite-7.2.5-1.75.1
php72-sysvmsg-7.2.5-1.75.1
php72-sysvsem-7.2.5-1.75.1
php72-sysvshm-7.2.5-1.75.1
php72-tidy-7.2.5-1.75.1
php72-tokenizer-7.2.5-1.75.1
php72-wddx-7.2.5-1.75.1
php72-xmlreader-7.2.5-1.75.1
php72-xmlrpc-7.2.5-1.75.1
php72-xmlwriter-7.2.5-1.75.1
php72-xsl-7.2.5-1.75.1
php72-zip-7.2.5-1.75.1
php72-zlib-7.2.5-1.75.1
SUSE Linux Enterprise Software Development Kit 12 SP5
php72-devel-7.2.5-1.75.1

Ссылки

Описание

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.75.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.75.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.75.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.75.1
Ссылки

Описание

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.75.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.75.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.75.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.75.1
Ссылки

Описание

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.75.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.75.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.75.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.75.1
Ссылки
Уязвимость SUSE-SU-2022:0577-1